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DETAILED ACTION 

1 . This office action is responsive to application filed on 8/27/2003. Claims 1-8, 13- 
18, 21-28, and 33-38 are pending examination, claims 9-12, 19-20, 29-32, and 39-40 
are withdrawn from examination. 

Election/Restrictions 

2. Restriction to one of the following inventions is required under 35 U.S.C. 121: 

I. Claims 1-8, 13-18, 21-28, and 33-38, which are directed to computer 
network access regulating (access authorization), classified in class 709, 
subclass 225. 

II. Claims 9-12 and 29-32, which are directed to prioritized data routing 
(Quality of Service), classified in class 709, subclass 240. 

Ill Claims 19-20 and 39-40, which are directed to computer-to-computer data 
transfer regulating (packet surveillance), classified in class 709, subclass 
232. 

The inventions are distinct, each from the others because of the following 
reasons: 

Inventions I, II, and III are related as combination and subcombination. 
Inventions in this relationship are distinct if it can be shown that (1) the combination as 
claimed does not require the particulars of the subcombination as claimed for 
patentability, and (2) that the subcombination has utility by itself or in other 
combinations (MPEP § 806.05(c)). In the instant case, the combination as claimed 
does not require the particulars of the subcombinations as claimed because Quality of 
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Service or packet surveillance is not needed for access authorization. Invention II has 
separate utility such as assigning a quality of service (QoS) metric to matching data 
packets. Invention III has separate utility such as specifying that surveillance is to 
perform on the data packet. 

The examiner has required restriction between combination and subcombination 
inventions. Where applicant elects a subcombination, and claims thereto are 
subsequently found allowable, any claim(s) depending from or otherwise requiring all 
the limitations of the allowable subcombination will be examined for patentability in 
accordance with 37 CFR 1 .104. See MPEP § 821 .04(a). Applicant is advised that if 
any claim presented in a continuation or divisional application is anticipated by, or 
includes all the limitations of, a claim that is allowable in the present application, such 
claim may be subject to provisional statutory and/or nonstatutory double patenting 
rejections over the claims of the instant application. 

Because these inventions are independent or distinct for the reasons given 
above and there would be a serious burden on the examiner if restriction is not required 
because the inventions have acquired a separate status in the art in view of their 
different classification, restriction for examination purposes as indicated is proper. 

Because these inventions are independent or distinct for the reasons given 
above and there would be a serious burden on the examiner if restriction is not required 
because the inventions require a different field of search (see MPEP § 808.02), 
restriction for examination purposes as indicated is proper. 
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Because these inventions are independent or distinct for the reasons given 
above and there would be a serious burden on the examiner if restriction is not required 
because the inventions have acquired a separate status in the art due to their 
recognized divergent subject matter, restriction for examination purposes as indicated is 
proper. 

During a telephone conversation with Applicant's representative, Mr. David J. 
Goren, on 03/04/2009 a provisional election was made without traverse to prosecute the 
invention of Group I, claims 1-8, 13-18, 21-28, and 33-38, which is directed to computer 
network access regulating (access authorization), classified in class 709, subclass 225. 
Affirmation of this election must be made by applicant in replying to this Office action. 
Group II (claims 9-12 and 29-32, which is directed to prioritized data routing (Quality of 
Service), classified in class 709, subclass 240) and Group III (claims 19-20 and 39-40, 
which is directed to computer-to-computer data transfer regulating (packet surveillance), 
classified in class 709, subclass 232) are withdrawn from further consideration by the 
examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention. 

Priority 

3. Acknowledgment is made of applicant's claim for benefit of 60/406,71 3 filed on 
08/28/2002. 

Specification 

4. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01 (o). Correction 
of the following is required: Applicant fails to provide antecedent basis for the claim 
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terminologies "computer readable medium" and "data processing equipment" in claims 
21,25, 33, and 37. 

Claim Rejections - 35 USC §112 

5. The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the 
best mode contemplated by the inventor of carrying out his invention. 

6. Claims 21 -28, and 33-38 are rejected under 35 U.S.C. 1 1 2, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. "A computer program product 
tangibly embodied in a computer readable medium" is claimed. The specification fails 
to provide support for the data number identifier besides the cited "a computer program 
tangibly embodied in an information carrier, e.g., in a machine-readable storage device 
or in a propagated signal" (page 17, lines 13-14). 

7. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

8. Claims 5-8, 21-28, and 33-38 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

Claims 5 and 25 recite the limitation "if there is a matching packet policy 
specifying a second packet policy, processing the data packet based on the policy 
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action fields of the second packet policy." It is unclear what will happen if there is no 
matching packet policy specifying a second packet policy. 

Claims 6-8 and 26-28 are necessarily rejected as being dependent upon the 
rejection of claims 5 and 25. 

Claims 21 , 25, 33, and 37 recite the limitation "A computer program product 
tangibly embodied in a computer readable medium, the computer program product 
comprising instructions operable to cause data processing equipment..." It is unclear 
whether the computer readable medium is associated with the data processing 
equipment or not. 

Claims 22-24, 26-28, 34-36, and 38 are necessarily rejected as being dependent 
upon the rejection of claims 21 , 25, 33, and 37. 

Claim Rejections - 35 USC § 101 

9. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, 
or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

1 0. Claims 21 -28, and 33-38 are rejected under 35 U.S.C. 1 01 because the claimed 
invention is directed to non-statutory subject matter. 

Claims 21 , 25, 33, and 37 recite the limitation "A computer program product 
tangibly embodied in a computer readable medium..." that is described in page 17, 
lines 12-16 of original specification as "The invention can be implemented as a 
computer program product, i.e., a computer program tangibly embodied in an 
information carrier, e.g., in a machine-readable storage device or in a propagated 
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signal, for execution by, or to control the operation of, data processing apparatus, e.g., 
a programmable processor, a computer, or multiple computers." As such, the claims 
cover embodiments directed to signals, per se. These claims are being rejected as 
non-statutory as directed to a form of energy rather than a patent-eligible machine, 
manufacture, process or composition of matter. 

Claims 22-24, 26-28, 34-36, and 38 are necessarily rejected as being dependent 
upon the rejection of claims 21 , 25, 33, and 37. 

Claim Rejections - 35 USC § 102 

1 1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

12. Claims 1-8, 17-18, 21-28, and 37-38 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Kadambi et al. (US 6,154,446, hereinafter Kadambi). 

Regarding claim 1 , Kadambi discloses a method for processing data packets in a 
computer network, comprising: 

configuring a multilayer switch to process data packets at wire-speed based on 
one or more user defined packet policies, each user defined packet policy specifying 
information for one or more of Layers 4 through 7 [FIG. 2, col. 4 line 29 through col. 5 
line 23, "CPU 52 can be used as necessary to program SOC 10 with rules which are 
appropriate to control packet processing. However, once SOC 10 is appropriately 
programmed or configured, SOC 10 operates, as much as possible, in a free running 
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manner without communicating with CPU 52", configuring SOC 10 and rules tables 22a, 
22b, 22c, 31a, 31b]; 

receiving a data packet at the multilayer switch, the data packet including 
information from one or more of Layers 2 through 7 of the OSI model [col. 16, lines 17- 
21 , "packet 1 1 2 is received at input port 24 of EPIC 20. . . initiates lookup in ARL/L3 
tables 21"]; 

determining if there is a match between the data packet and one or more of the 
packet policies, each packet policy authorizing matching data packets to use the 
computer network [col. 20 line 15 through col. 21 line 57, "The filters utilized by FFP 141 
are defined by rules table 22. Rules table 22 is completely programmable by CPU 52, 
through CMIC 40... If the filter is designated as an exclusive filter, the filter will exclude 
all packets unless there is a match. In other words, the exclusive filter allows a packet to 
go through the forwarding process only if there is a filter match."]; 

if there is a matching packet policy authorizing the data packet, routing the data 
packet using a Layer 2-3 switch [col. 20, lines 35-39, "the exclusive filter allows a packet 
to go through the forwarding process only if there is a filter match"]; and 

if there is no matching packet policy authorizing the data packet, blocking the 
data packet [col. 20, lines 35-40, "the filter will exclude all packets unless there is a 
match"]. 

Regarding claim 2, Kadambi further discloses wherein the user defined packet 
policies include timed packet policies, the timed packet policies being active during 
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specified date or time intervals, and determining if there is at least one matching packet 
policy comprises: determining if there is a currently active timed matching policy [col. 
18, lines 55-56, time-to-live; col. 23, lines 1-7, age timer]. 

Regarding claim 3, Kadambi further discloses wherein the user defined packet 
policies authorize data packets being transmitted or received by authorized users, 
applications, physical ports, application ports, IP addresses, or MAC addresses [col. 2, 
lines 25-35, "Bridges can build a table of forwarding rules based upon which MAC 
(media access controller) addresses exist on which ports of the bridge, and pass 
packets which are destined for an address which is located on an opposite side of the 
bridge"]. 

Regarding claim 4, Kadambi further discloses wherein blocking the data packet 
comprises: discarding the data packet [col. 19, lines 49-63, "If there is no match, the 
packet is discarded"], logging the data packet, or forwarding the data packet to a 
multilayer switch application for processing. 

Regarding claim 5, Kadambi discloses a method for processing data packets in a 
computer network, comprising: 

configuring a multilayer switch to process data packets at wire-speed based on 
one or more user defined packet policies, each user defined packet policy specifying 
information for one or more of Layers 4 through 7 [FIG. 2, col. 4 line 29 through col. 5 
line 23, "CPU 52 can be used as necessary to program SOC 10 with rules which are 
appropriate to control packet processing. However, once SOC 10 is appropriately 
programmed or configured, SOC 10 operates, as much as possible, in a free running 
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manner without communicating with CPU 52", configuring SOC 10 and rules tables 22a, 
22b, 22c, 31a, 31b]; 

receiving a data packet at the multilayer switch, the data packet including 
information from one or more of Layers 2 through 7 of the OSI model [col. 16, lines 17- 
21 , "packet 1 1 2 is received at input port 24 of EPIC 20. . . initiates lookup in ARL/L3 
tables 21"]; 

determining if there is a match between the data packet and one or more packet 
policies that specify a second packet policy to be applied to the matching data packets, 
the second packet policy having one or more policy action fields [FIG. 14, ARL/L3 
Tables and Rules Tables; col. 1 6 line 9 through col. 21 line 57. Note that the ARL 
engine matches the first packet policy using ARL/L3 Tables and the Fast Filtering 
Processor matches the second packet policy using Rules Tables]; and 

if there is a matching packet policy specifying a second packet policy, processing 
the data packet based on the policy action fields of the second packet policy [col. 20 line 
35 through col. 21 line 36, "the exclusive filter allows a packet to go through the 
forwarding process only if there is a filter match"]. 

Regarding claim 6, Kadambi further discloses wherein the matching packet policy 
specifies the application of a preexisting second packet policy, and processing the data 
packet comprises: identifying the preexisting second packet policy specified by the 
matching packet policy [col. 20, lines 15-61, Rules Table 22]; and processing the data 
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packet based on the policy action fields of the preexisting second packet policy [col. 20 
line 62 through col. 21 Iine18]. 

Regarding claim 7, Kadambi further discloses wherein the matching packet policy 
specifies the application of a dynamically created second packet policy, and processing 
the data packet comprises: creating the second packet policy specified by the matching 
packet policy [col. 16, lines 9-15]; and processing the data packet based on the policy 
action fields of the created second packet policy [col. 20 line 35 through col. 21 line 36]. 

Regarding claim 8, Kadambi further discloses wherein processing the data 
packet comprises: routing the data packet using a Layer 2-3 switch [col. 33 line 54 
through col. 34 line 14]. 

Regarding claim 17, Kadambi discloses a method for processing data packets in 
a computer network, comprising: 

configuring a multilayer switch to process data packets at wire-speed based on 
one or more user defined packet policies, each user defined packet policy specifying 
information for one or more of Layers 4 through 7 [FIG. 2, col. 4 line 29 through col. 5 
line 23, "CPU 52 can be used as necessary to program SOC 10 with rules which are 
appropriate to control packet processing. However, once SOC 10 is appropriately 
programmed or configured, SOC 10 operates, as much as possible, in a free running 
manner without communicating with CPU 52", configuring SOC 10 and rules tables 22a, 
22b, 22c, 31a, 31b]; 
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receiving a data packet at a particular port of the multilayer switch, the data 
packet including information from one or more of Layers 2 through 7 of the OSI model 
[FIG. 1, col. 4, lines 15-25, fast Ethernet port; col. 16, lines 17-21 , "packet 1 12 is 
received at input port 24 of EPIC 20... initiates lookup in ARL/L3 tables 21"]; 

determining if there is a match between the data packet and one or more of the 
packet policies, each packet policy blocking matching data packets received at the 
particular port from utilizing the computer network [col. 20 line 15 through col. 21 line 
57, "The filters utilized by FFP 141 are defined by rules table 22. Rules table 22 is 
completely programmable by CPU 52, through CMIC 40... If the filter is designated as 
an exclusive filter, the filter will exclude all packets unless there is a match. In other 
words, the exclusive filter allows a packet to go through the forwarding process only if 
there is a filter match."]; 

if there is a matching packet policy blocking the data packet, blocking the data 
packet [col. 28, lines 46-48, "If the port bit for that particular port is set to zero, then the 
ingress is configured to drop all packets going to that port"]; and 

if there is no matching packet policy blocking the data packet, processing the 
data packet [col. 20, lines 35-40, "the filter will exclude all packets unless there is a 
match"]. 

Regarding claim 18, Kadambi further discloses wherein the user defined packet 
policies block data packets received at the particular port, for data packets having a 
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subnet address [col. 27, lines 10-11], a range of subnet addresses, a host address, or a 
range of host addresses. 

Claims 21 -28 are of the same scope as claims 1 -8. They are rejected for the 
same reasons as for claims 1-8 respectively. 

Claims 37-38 are of the same scope as claims 17-18. They are rejected for the 
same reasons as for claims 17-18 respectively. 

Claim Rejections - 35 USC § 103 

1 3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

14. Claims 13-16 and 33-36 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kadambi as applied to claim 1 above, and further in view of Markham 
(US 2003/0126468 A1 , hereinafter Markham). 

Regarding claim 13, Kadambi discloses a method for processing data packets in 
a computer network, comprising: 

configuring a multilayer switch to process data packets at wire-speed based on 
one or more user defined packet policies, each user defined packet policy specifying 
information for one or more of Layers 4 through 7 [FIG. 2, col. 4 line 29 through col. 5 
line 23, "CPU 52 can be used as necessary to program SOC 10 with rules which are 
appropriate to control packet processing. However, once SOC 10 is appropriately 
programmed or configured, SOC 10 operates, as much as possible, in a free running 
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manner without communicating with CPU 52", configuring SOC 10 and rules tables 22a, 
22b, 22c, 31a, 31b]; 

receiving a data packet at the multilayer switch, the data packet including 
information from one or more of Layers 2 through 7 of the OSI model [col. 16, lines 17- 
21 , "packet 1 1 2 is received at input port 24 of EPIC 20. . . initiates lookup in ARL/L3 
tables 21"]; 

determining if there is a match between the data packet and one or more of the 
packet policies, each packet policy authorizing matching data packets to use the 
computer network [col. 20 line 15 through col. 21 line 57, "The filters utilized by FFP 141 
are defined by rules table 22. Rules table 22 is completely programmable by CPU 52, 
through CMIC 40... If the filter is designated as an exclusive filter, the filter will exclude 
all packets unless there is a match. In other words, the exclusive filter allows a packet to 
go through the forwarding process only if there is a filter match."]; 

if there is a matching packet policy authorizing the data packet, routing the data 
packet using a Layer 2-3 switch [col. 20, lines 35-39, "the exclusive filter allows a packet 
to go through the forwarding process only if there is a filter match]; and 

if there is no matching packet policy authorizing the data packet, blocking the 
data packet [col. 20, lines 35-40, "the filter will exclude all packets unless there is a 
match"]. 

Kadambi discloses the claimed invention except for the data packet being part of 
a network flow representing access to a specific website. Markham discloses a system 
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and method for blocking access to a web server [para. 0076] and for performing flow 
control as a function of policy driven bandwidth management [para. 0089]. When an 
operation is in progress, mission critical traffic is prioritized ahead of background traffic, 
such as Web browsing. It would have been obvious to a person with ordinary skill in the 
art at the time the invention was made to incorporate Markham's teaching into 
Kadambi's method for the purpose of identifying and prioritizing traffic by filtering 
network flow as a function of policy including accessing to a specific website, thereby 
providing expedited traffic capabilities to support transmission of time-critical information 
in a LAN environment [para. 0089]. 

Regarding claim 14, Kadambi further discloses wherein the user defined packet 
policies include timed packet policies, the timed packet policies being active during 
specified date or time intervals, and determining if there is at least one matching packet 
policy comprises: determining if there is a currently active timed matching policy 
authorizing access to the specific website [col. 18, lines 55-56, time-to-live; col. 23, lines 
1-7, age timer]. 

Regarding claim 15, Kadambi further discloses wherein the user defined packet 
policies authorize access to specific websites by authorized users, applications, 
physical ports, application ports, IP addresses, or MAC addresses [col. 2, lines 25-35]. 

Regarding claim 16, Kadambi further discloses wherein blocking the data packet 
comprises: discarding the data packet [col. 20, lines 35-40], logging the data packet, or 
forwarding the data packet to a multilayer switch application for processing. 
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Claims 33-36 are of the same scope as claims 13-16. They are rejected for the 
same reasons as for claims 13-16 respectively. 

Conclusion 

1 5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Applicant is reminded that in amending in response to a rejection 
of claims, the patentable novelty must be clearly shown in view of the state of the art 
disclosed by the references cited and the objection made. Applicant must show how 
the amendments avoid such references and objections. See 37 CFR 1.111 (c). 

16. McCloghrie et al., US Patent Number 6,286,052 B1 , has taught a method and 
apparatus for identifying network data traffic flows and for applying quality of service 
treatments to the flows. 

17. Tzeng, US Patent Number 7,424,012 B2, has taught a linked network switch 
configuration. 

Examiner's Note: Examiner has cited particular columns and line numbers in 
the references applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and 
are applied to specific limitations within the individual claim, other passages and 
figures may apply as well. It is respectfully requested from the applicant in 
preparing responses, to fully consider the references in entirety as potentially 
teaching all or part of the claimed invention, as well as the context of the passage 
as taught by the prior art or disclosed by the Examiner. 
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In the case of amending the claimed invention, Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the 
structure relied on for proper interpretation and also to verify and ascertain the 
metes and bounds of the claimed invention. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Michael C. Lai whose telephone number is 
(571) 270-3236. The examiner can normally be reached on M-F 8:30 - 5:00 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ario Etienne can be reached on (571) 272-4001 . The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 
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/YVES DALENCOURT/ 
Primary Examiner, Art Unit 2457 



